{"id":3728,"date":"2018-12-07T18:55:54","date_gmt":"2018-12-07T10:55:54","guid":{"rendered":"http:\/\/switch.linesno.com\/?p=3728"},"modified":"2018-12-07T18:55:54","modified_gmt":"2018-12-07T10:55:54","slug":"%e8%a7%a3%e5%86%b3cas%e5%86%85%e5%a4%96%e7%bd%91%e5%8f%8cip%e8%ae%bf%e9%97%ae%e7%9a%84%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"http:\/\/switch.linesno.com\/?p=3728","title":{"rendered":"\u89e3\u51b3CAS\u5185\u5916\u7f51\u53ccIP\u8bbf\u95ee\u7684\u95ee\u9898"},"content":{"rendered":"

\u6700\u8fd1\u9879\u76ee\u5206\u7ed9\u6211\u4e00\u4e2a\u9700\u6c42\u89e3\u51b3CAS\u8ba4\u8bc1\u767b\u9646\u7684\u5185\u5916\u7f51\u53ccIP\u8bbf\u95ee\u7684\u95ee\u9898\uff0c\u5f53\u4f7f\u7528\u901a\u7528\u7684CAS\u7edf\u4e00\u8ba4\u8bc1\u670d\u52a1\u65f6\uff0c\u7531\u4e8eWEB\u5e94\u7528\u5de5\u7a0b\u4e2dweb.xml\u914d\u7f6e\u7684CAS\u5730\u5740\u662f\u56fa\u5b9a\u7684\uff0c\u800c\u4e0d\u662f\u4e00\u4e2a\u52a8\u6001\u7684\u5730\u5740\uff0c\u5f53\u5c06WEB\u5e94\u7528\u670d\u52a1\u5668\u4f8b\u5982TOMCAT\u7aef\u53e3\u6620\u5c04\u5916\u7f51\u540e\uff0c\u5728\u8bbf\u95ee\u5e94\u7528\u65f6\u4f1a\u81ea\u52a8\u6839\u636e\u5728web.xml\u6587\u4ef6\u4e2d\u53bb\u914d\u7f6e\u5bf9\u5e94\u7684CAS\u5730\u5740\uff0c\u800c\u6b64\u65f6\u7684\u5730\u5740\u53ea\u80fd\u662f\u5185\u7f51\u4f7f\u7528\uff0c\u5916\u7f51\u81ea\u7136\u65e0\u6cd5\u627e\u5230\uff0c\u5219\u65e0\u6cd5\u767b\u9646\uff0c\u800c\u7531\u4e8e\u9879\u76ee\u7684\u672c\u8eab\u9700\u8981\uff0c\u5fc5\u987b\u8981\u540c\u65f6\u5185\u5916\u7f51\u90fd\u80fd\u8bbf\u95ee\uff0c\u7531\u6b64\u770b\u4e86\u4e00\u5468\u6e90\u7801\u540e\uff0c\u63d0\u4f9b\u4ee5\u4e0b\u89e3\u51b3\u65b9\u6848\u3002<\/p>\n

\u4f9b\u5de5\u5177\u7c7b<\/p>\n

public class HttpConnectionUtil {
\n\/\/\u8bfb\u53d6\u914d\u7f6e\u6587\u4ef6\u4fe1\u606f
\nstatic Properties prop = new Properties();
\nstatic{
\nInputStream inStream = HttpConnectionUtil.class.getClassLoader().getResourceAsStream(“application.properties”);
\ntry {
\nprop.load(inStream);
\n} catch (IOException e) {
\ne.printStackTrace();
\n}
\n}<\/p>\n

\/**
\n*
\n* @param name
\n* @return
\n*\/
\n\/\/\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u901a\u8fc7\u952e\u53d6\u503c
\npublic static String getByName(String name){
\nreturn prop.getProperty(name);
\n}
\n\/\/\u5224\u65ad\u662f\u5185\u7f51\u73af\u5883\u8fd8\u662f\u5916\u7f51\u73af\u5883
\npublic static boolean isInner(String clientIP) {
\nString reg = “(10|172|192|127)\\\\.([0-1][0-9]{0,2}|[2][0-5]{0,2}|[3-9][0-9]{0,1})\\\\.([0-1][0-9]{0,2}|[2][0-5]{0,2}|[3-9][0-9]{0,1})\\\\.([0-1][0-9]{0,2}|[2][0-5]{0,2}|[3-9][0-9]{0,1})”;
\nPattern p = Pattern.compile(reg);
\nMatcher matcher = p.matcher(clientIP);
\nreturn matcher.find();
\n}
\n}<\/p>\n

\u6e90\u7801\u89e3\u8bfb\uff1a
\n\u672c\u9879\u76ee\u662fcas\u548cshiro\u7684\u6574\u5408\uff0ccas\u8ba4\u8bc1\u767b\u9646\u52a0\u5165\u5230shiro\u7684\u8fc7\u6ee4\u8fde\u91cc\u9762\uff1a
\n\u5728web.xml\u91cc\u9762\u914d\u7f6e\uff1a<\/p>\n

<!– \u5355\u70b9\u767b\u5f55end –>
\n<filter>
\n<filter-name>shiroFilter<\/filter-name>
\n<filter-class>org.springframework.web.filter.DelegatingFilterProxy<\/filter-class>
\n<init-param>
\n<param-name>targetFilterLifecycle<\/param-name>
\n<param-value>true<\/param-value>
\n<\/init-param>
\n<!– \u8bbe\u7f6espring\u5bb9\u5668filter\u7684bean id\uff0c\u5982\u679c\u4e0d\u8bbe\u7f6e\u5219\u627e\u4e0efilter-name\u4e00\u81f4\u7684bean–>
\n<init-param>
\n<param-name>targetBeanName<\/param-name>
\n<param-value>shiroFilter<\/param-value>
\n<\/init-param>
\n<\/filter>
\n<filter-mapping>
\n<filter-name>shiroFilter<\/filter-name>
\n<url-pattern>\/*<\/url-pattern>
\n<\/filter-mapping><\/p>\n

\u7136\u540e\u8fc7\u6ee4\u94fe\u5728spring\u5bb9\u5668\u91cc\u9762\u627eid\u4e3ashiroFilter\u7684bean\u5de5\u5382<\/p>\n

<bean id=”casFilter” class=”org.apache.shiro.cas.CasFilter”>
\n<!– \u914d\u7f6e\u9a8c\u8bc1\u9519\u8bef\u65f6\u7684\u5931\u8d25\u9875\u9762 –>
\n<!–<property name=”failureUrl” value=”\/error.jsp”\/> –>
\n<!– <property name=”failureUrl” value=”\/casFailure.jsp” \/> –>
\n<!– <property name=”successUrl” value=”\/front3\/index.html”\/> –>
\n<property name=”failureUrl” value=”${common_in.ip}\/disrec” \/>
\n<\/bean>
\n<!– <bean id=”casRealm” class=”com.zonekey.disrec.service.auth.ShiroDbRealm”>
\n<property name=”cachingEnabled” value=”true” \/>
\n<property name=”authenticationCachingEnabled” value=”true” \/>
\n<property name=”authenticationCacheName” value=”authenticationCache” \/>
\n<property name=”authorizationCachingEnabled” value=”true” \/>
\n<property name=”authorizationCacheName” value=”authorizationCache” \/><\/p>\n

<property name=”casServerUrlPrefix” value=${login.ip}\/>
\n\u5ba2\u6237\u7aef\u7684\u56de\u8c03\u5730\u5740\u8bbe\u7f6e\uff0c\u5fc5\u987b\u548c\u4e0b\u9762\u7684shiro-cas\u8fc7\u6ee4\u5668\u62e6\u622a\u7684\u5730\u5740\u4e00\u81f4
\n<property name=”casService” value=”${common.ip}\/disrec\/shiro-cas”\/>
\n<\/bean> –>
\n<bean id=”casRealm” class=”com.zonekey.disrec.service.auth.ShiroDbRealm”>
\n<property name=”cachingEnabled” value=”true” \/>
\n<property name=”authenticationCachingEnabled” value=”true” \/>
\n<property name=”authenticationCacheName” value=”authenticationCache” \/>
\n<property name=”authorizationCachingEnabled” value=”true” \/>
\n<property name=”authorizationCacheName” value=”authorizationCache” \/>
\n<property name=”casServerUrlPrefix” value=”${login_in.ip}” \/>
\n<!– \u8be5\u5730\u5740\u4e3aclient1 \u7684\u8bbf\u95ee\u5730\u5740+ \u4e0b\u9762\u914d\u7f6e\u7684cas filter –>
\n<property name=”casService” value=”${common_in.ip}\/disrec\/shiro-cas” \/>
\n<\/bean><\/p>\n

<bean id=”securityManager” class=”org.apache.shiro.web.mgt.DefaultWebSecurityManager”>
\n<property name=”realm” ref=”casRealm”\/>
\n<property name=”rememberMeManager” ref=”rememberMeManager” \/>
\n<property name=”subjectFactory” ref=”casSubjectFactory”\/>
\n<\/bean><\/p>\n

<!– rememberMe\u7ba1\u7406\u5668 \u5982\u9700\u8981\u8bb0\u4f4f\u529f\u80fd \u53ef\u5220\u6389\u76f8\u5173\u914d\u7f6e<span style=”white-space:pre”> <\/span>
\nrememberMe cookie\u52a0\u5bc6\u7684\u5bc6\u94a5 \u5efa\u8bae\u6bcf\u4e2a\u9879\u76ee\u90fd\u4e0d\u4e00\u6837 \u9ed8\u8ba4AES\u7b97\u6cd5 \u5bc6\u94a5\u957f\u5ea6\uff08128 256 512 \u4f4d\uff09 –>
\n<bean id=”rememberMeManager” class=”org.apache.shiro.web.mgt.CookieRememberMeManager”>
\n<property name=”cipherKey”
\nvalue=”#{T(org.apache.shiro.codec.Base64).decode(‘4AvVhmFLUs0KTA3Kprsdag==’)}” \/>
\n<property name=”cookie” ref=”rememberMeCookie” \/>
\n<\/bean><\/p>\n

<!– \u4f1a\u8bddID\u751f\u6210\u5668 –>
\n<bean id=”sessionIdGenerator” class=”org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator” \/><\/p>\n

<!– \u4f1a\u8bddCookie\u6a21\u677f –>
\n<bean id=”sessionIdCookie” class=”org.apache.shiro.web.servlet.SimpleCookie”>
\n<constructor-arg value=”sid” \/>
\n<property name=”httpOnly” value=”true” \/>
\n<property name=”maxAge” value=”-1″ \/>
\n<\/bean><\/p>\n

<bean id=”rememberMeCookie” class=”org.apache.shiro.web.servlet.SimpleCookie”>
\n<constructor-arg value=”rememberMe” \/>
\n<property name=”httpOnly” value=”true” \/>
\n<property name=”maxAge” value=”2592000″ \/><!– 30\u5929 –>
\n<\/bean><\/p>\n

<!– \u4f1a\u8bddDAO –>
\n<bean id=”sessionDAO” class=”org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO”>
\n<property name=”activeSessionsCacheName” value=”shiro-activeSessionCache” \/>
\n<property name=”sessionIdGenerator” ref=”sessionIdGenerator” \/>
\n<\/bean><\/p>\n

<bean id=”logout” class=”org.apache.shiro.web.filter.authc.LogoutFilter”>
\n<property name=”redirectUrl” value=”${login_in.ip}\/cas\/logout?service=${common_in.ip}\/disrec\/shiro-cas\/” \/>
\n<\/bean><\/p>\n

<!– \u5982\u679c\u8981\u5b9e\u73b0cas\u7684remember me\u7684\u529f\u80fd\uff0c\u9700\u8981\u7528\u5230\u4e0b\u9762\u8fd9\u4e2abean\uff0c\u5e76\u8bbe\u7f6e\u5230securityManager\u7684subjectFactory\u4e2d –>
\n<bean id=”casSubjectFactory” class=”org.apache.shiro.cas.CasSubjectFactory”\/>
\n**\/\/\u8fd9\u4e2a\u5c31\u662f\u6211\u4eec\u8981\u6539\u6e90\u7801\u7684\u5730\u65b9**
\n<bean id=”formAuthenticationFilter” class=”com.zonekey.disrec.common.utils.redirectIP.MyFormAuthenticationFilter” \/>
\n<!– \u4fdd\u8bc1\u5b9e\u73b0\u4e86Shiro\u5185\u90e8lifecycle\u51fd\u6570\u7684bean\u6267\u884c –>
\n<bean id=”lifecycleBeanPostProcessor” class=”org.apache.shiro.spring.LifecycleBeanPostProcessor”\/>
\n<!– \u76f8\u5f53\u4e8e\u8c03\u7528SecurityUtils.setSecurityManager(securityManager) –><\/p>\n

<bean class=”org.springframework.beans.factory.config.MethodInvokingFactoryBean”>
\n<property name=”staticMethod” value=”org.apache.shiro.SecurityUtils.setSecurityManager” \/>
\n<property name=”arguments” ref=”securityManager” \/>
\n<\/bean><\/p>\n

\u4e00\u822c\u662f\u4e0d\u9700\u8981\u6539\u52a8\u6e90\u7801\uff0c\u53ea\u662f\u7528\u5b50\u7c7b\u7ee7\u627f\u57fa\u7c7b\u80fd\u8fbe\u5230\u6539\u52a8\u6548\u679c<\/p>\n

package com.zonekey.disrec.common.utils.redirectIP;<\/p>\n

import java.io.IOException;<\/p>\n

import javax.servlet.ServletContext;
\nimport javax.servlet.ServletRequest;
\nimport javax.servlet.ServletResponse;
\nimport javax.servlet.http.HttpServletRequest;
\nimport javax.servlet.http.HttpServletResponse;<\/p>\n

import org.apache.shiro.cas.CasFilter;
\nimport org.apache.shiro.spring.web.ShiroFilterFactoryBean;
\nimport org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
\nimport org.apache.shiro.web.filter.authc.LogoutFilter;
\nimport org.apache.shiro.web.util.WebUtils;
\nimport org.springframework.context.ApplicationContext;
\nimport org.springframework.web.context.support.WebApplicationContextUtils;<\/p>\n

import com.zonekey.disrec.service.auth.ShiroDbRealm;<\/p>\n

public class MyFormAuthenticationFilter extends FormAuthenticationFilter{<\/p>\n

\/**
\n* loginUrl\u5730\u5740\u91cd\u5199
\n*\/
\nprotected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
\nHttpServletRequest req=(HttpServletRequest)request;
\nHttpServletResponse res=(HttpServletResponse)response;
\n\/\/\u52a8\u6001\u83b7\u53d6\u8bf7\u6c42\u670d\u52a1\u7aef\u7684\u5730\u5740
\nString serverIp=req.getRequestURL().toString();
\n\/\/\u8bf7\u6c42\u8d44\u6e90
\nString serverAddr=req.getRequestURI();
\n\/\/\u52a8\u6001\u622a\u53d6\u8bf7\u6c42\u670d\u52a1IP
\nString commonIp=serverIp.substring(0,serverIp.indexOf(serverAddr));
\n\/\/System.out.println(“commonIP:”+commonIp);
\n\/\/String common_in = ReadProperties.getByName(“common_in.ip”);
\nString login_in = HttpConnectionUtil.getByName(“login_in.ip”);
\nif(login_in==null) login_in= commonIp+”\/cas”;
\n\/\/String common_out = ReadProperties.getByName(“common_out.ip”);
\nString login_out = HttpConnectionUtil.getByName(“login_out.ip”);
\nif(login_out==null) login_out= commonIp+”\/cas”;
\n\/\/\u83b7\u53d6servletContext\u5bb9\u5668
\nServletContext sc=req.getSession().getServletContext();
\n\/\/\u83b7\u53d6web\u73af\u5883\u4e0bspring\u5bb9\u5668
\nApplicationContext ac=WebApplicationContextUtils.getWebApplicationContext(sc);
\n\/\/ApplicationContextUtil ac=new ApplicationContextUtil();
\nShiroDbRealm shiroDbRealm=(ShiroDbRealm)ac.getBean(“casRealm”);
\nLogoutFilter logoutFilter=(LogoutFilter)ac.getBean(“logout”);<\/p>\n

\/\/\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u6ce8\u610f\u662f\u6b64\u5904\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00\u4e00
\nShiroFilterFactoryBean shiroFilter=(ShiroFilterFactoryBean) ac.getBean(“&shiroFilter”);
\nString clientIP=null;
\nif (req.getHeader(“x-forwarded-for”) == null) {
\nclientIP=req.getRemoteAddr();
\n}else{
\nclientIP=req.getHeader(“x-forwarded-for”);
\n}
\n\/*System.out.println(“clientIp:”+clientIP);
\nSystem.out.println(“isInner:”+HttpConnectionUtil.isInner(clientIP));*\/
\nif(!HttpConnectionUtil.isInner(clientIP)){
\nshiroFilter.setLoginUrl(login_out+”\/login?service=”+commonIp+req.getContextPath()+”\/shiro-cas”);
\n\/\/casFilter.setFailureUrl(map.get(“common_out.ip”)+”\/disrec”);
\n\/\/shiroDbRealm.setCasServerUrlPrefix(login_out);
\nshiroDbRealm.setCasService(commonIp+req.getContextPath()+”\/shiro-cas”);
\nlogoutFilter.setRedirectUrl(login_out+”\/logout?service=”+commonIp+req.getContextPath()+”\/shiro-cas”);
\n\/\/\u4e8c\u4e8c\u4e8c${common_out.ip}\/sysmanagement\/shiro-cas
\n}else{
\nshiroFilter.setLoginUrl(login_in+”\/login?service=”+commonIp+req.getContextPath()+”\/shiro-cas”);
\n\/\/casFilter.setFailureUrl(map.get(“common_in.ip”)+”\/disrec”);
\n\/\/shiroDbRealm.setCasServerUrlPrefix(login_in);
\nshiroDbRealm.setCasService(commonIp+req.getContextPath()+”\/shiro-cas”);
\nlogoutFilter.setRedirectUrl(login_in+”\/logout?service=”+commonIp+req.getContextPath()+”\/shiro-cas”);
\n}
\nWebUtils.issueRedirect(req, res, shiroFilter.getLoginUrl());
\n}<\/p>\n

}<\/p>\n

\u7531\u6b64\u53ccIP\u95ee\u9898\u5f97\u5230\u4e86\u89e3\u51b3<\/p>\n

\u6574\u4e2a\u601d\u8def\uff1aclient\u53d1\u8d77\u8bf7\u6c42\uff0c\u622a\u53d6\u5230client\u7684\u8bf7\u6c42\u8def\u5f84\u5224\u65ad\u7528\u6237IP\u662f\u5185\u7f51\u8fd8\u662f\u5916\u7f51\u8bbf\u95ee\uff0c\u7136\u540e\u518d\u8ba4\u8bc1\u6210\u529f\u91cd\u5b9a\u5411\u8def\u5f84\u52a8\u6001\u91cd\u5199\u767b\u9646\u6210\u529f\u8df3\u8f6c\u7684\u8def\u5f84\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u6700\u8fd1\u9879\u76ee\u5206\u7ed9\u6211\u4e00\u4e2a\u9700\u6c42\u89e3\u51b3CAS\u8ba4\u8bc1\u767b\u9646\u7684\u5185\u5916\u7f51\u53ccIP\u8bbf\u95ee\u7684\u95ee\u9898\uff0c\u5f53\u4f7f\u7528\u901a\u7528\u7684CAS\u7edf\u4e00\u8ba4\u8bc1\u670d\u52a1\u65f6\uff0c\u7531\u4e8eWEB […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-3728","post","type-post","status-publish","format-standard","hentry","category-day"],"_links":{"self":[{"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/posts\/3728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3728"}],"version-history":[{"count":1,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/posts\/3728\/revisions"}],"predecessor-version":[{"id":3729,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=\/wp\/v2\/posts\/3728\/revisions\/3729"}],"wp:attachment":[{"href":"http:\/\/switch.linesno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3728"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/switch.linesno.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}